#!/bin/bash

# Slackware build script for Nikto Web Scanner

# Copyright 2010-2011 Marco Bonetti <sid77@slackware.it>
# Copyright 2015-2017 Brenton Earl <brent@exitstatusone.com>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

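# Work from the directory that holds this script: the source archive, the
# patches, the wrapper scripts, slack-desc and doinst.sh are all read
# relative to CWD. Stop if the directory cannot be entered, because CWD
# would otherwise silently become the caller's directory and every later
# "$CWD/..." path would resolve there instead.
cd "$(dirname "$0")" || exit 1
CWD=$(pwd)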

# Package identity. PRGNAM is fixed; the other values keep whatever the
# caller exported and fall back to the defaults below when unset or empty.
PRGNAM=nikto
: "${VERSION:=2.1.6}"
: "${BUILD:=2}"
: "${TAG:=_SBo}"
: "${PKGTYPE:=tgz}"

# Detect the architecture only when the caller did not supply ARCH.
# Every i?86 machine name collapses to i586 and every arm* name to arm;
# any other machine name reported by uname is used unchanged.
if [ -z "$ARCH" ]; then
  ARCH=$( uname -m )
  case "$ARCH" in
    i?86) ARCH=i586 ;;
    arm*) ARCH=arm ;;
  esac
fi

# Query mode: when PRINT_PACKAGE_NAME is non-empty, print the file name the
# finished package would have and exit successfully without building
# anything. Other scripts can use this to learn the name in advance.
if [ -n "${PRINT_PACKAGE_NAME}" ]; then
  printf '%s\n' "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
  exit 0
fi

# Build locations: TMP is the scratch area, PKG the staging root that gets
# packaged, OUTPUT the directory that receives the finished package.
# NOTE(review): the defaults are fixed, predictable paths under /tmp, and
# this script later chowns the source tree to root, so it is expected to run
# with root privileges. On a host with other local users, point TMP and
# OUTPUT at a directory only root can write to.
: "${TMP:=/tmp/SBo}"
: "${OUTPUT:=/tmp}"
PKG=$TMP/package-$PRGNAM

# Per-architecture compiler flags and library directory suffix.
# LIBDIRSUFFIX selects /usr/lib versus /usr/lib64 for the install steps.
# SLKCFLAGS is set as well, though none of the build steps shown in this
# script reads it.
case "$ARCH" in
  i586)
    SLKCFLAGS="-O2 -march=i586 -mtune=i686"
    LIBDIRSUFFIX=""
    ;;
  i686)
    SLKCFLAGS="-O2 -march=i686 -mtune=i686"
    LIBDIRSUFFIX=""
    ;;
  x86_64)
    SLKCFLAGS="-O2 -fPIC"
    LIBDIRSUFFIX="64"
    ;;
  *)
    SLKCFLAGS="-O2"
    LIBDIRSUFFIX=""
    ;;
esac

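# From here on any failing command aborts the build.
set -e

# Start from an empty staging root. ${PKG:?} aborts instead of expanding to
# nothing if PKG were ever empty, so the recursive delete cannot land on an
# unintended path.
rm -rf -- "${PKG:?}"
mkdir -p "$TMP" "$PKG" "$OUTPUT"
cd "$TMP"

# Clear any earlier source tree. The archive unpacks into $PRGNAM-$VERSION
# (the directory entered below), so that name has to be removed as well;
# otherwise leftovers from a previous run, such as patch backup or reject
# files, would be copied into the package by the later `cp -a program/*`.
rm -rf -- "$PRGNAM" "$PRGNAM-$VERSION"

# NOTE(review): this script does not verify the archive itself; check it
# against a known-good checksum before building.
tar xvf "$CWD/$PRGNAM-$VERSION.tar.gz"
cd "$PRGNAM-$VERSION"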
# Hand the unpacked tree to root and normalise its permissions: entries
# whose mode is one of the listed executable modes become 755, entries with
# one of the listed non-executable modes become 644. Modes not listed are
# left as they are.
# NOTE(review): -L makes find follow symbolic links while this runs with
# enough privilege to chown to root. A link in the archive that points
# outside the source tree would have its target's mode rewritten too;
# confirm the archive holds no such links, or review whether -L is needed.
chown -R root:root .
find -L . \
 \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
  -o -perm 511 \) -exec chmod 755 {} \; -o \
 \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;

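# Force SBo shipped LW2 module instead of the copy bundled with Nikto.
# Patch paths are quoted so a build directory containing whitespace works.
patch -p1 --verbose < "$CWD/patches/nikto.pl.diff"
patch -p1 --verbose < "$CWD/patches/replay.pl.diff"
patch -p1 --verbose < "$CWD/patches/nikto_core.plugin.diff"

# Fix path for Slackware
patch -p1 --verbose < "$CWD/patches/man_page.diff"

# Fix CVE-2018-11652: https://nvd.nist.gov/vuln/detail/CVE-2018-11652
# Allows remote attackers to inject arbitrary OS commands via the
# server field in an HTTP response header, which is directly
# injected into a CSV report.
# That field is supplied by the scanned host, so report contents must be
# treated as untrusted input by whatever opens the CSV afterwards.
# PoC: https://www.exploit-db.com/exploits/44899/
# patch exits non-zero when a hunk is rejected; with `set -e` in effect the
# build then stops instead of packaging an unpatched scanner.
patch -p1 --verbose < "$CWD/patches/CVE-2018-11652-CSV-injection.patch"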

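# Install executable: /usr/bin/nikto is a wrapper script shipped next to
# this SlackBuild, with a separate variant for x86_64. Paths are quoted so
# that whitespace in CWD or PKG cannot split the arguments.
if [ "$ARCH" = "x86_64" ]; then
  install -Dm 755 "$CWD/nikto64.sh" "$PKG/usr/bin/nikto"
else
  install -Dm 755 "$CWD/nikto.sh" "$PKG/usr/bin/nikto"
fi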

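# Install the rest: the whole program/ tree goes under
# /usr/lib${LIBDIRSUFFIX}/nikto. The glob is left unquoted on purpose so it
# expands; destination paths are quoted.
install -d "$PKG/usr/lib${LIBDIRSUFFIX}/nikto"
cp -a program/* "$PKG/usr/lib${LIBDIRSUFFIX}/nikto"
# The configuration is packaged as nikto.conf.new rather than nikto.conf
# (presumably so doinst.sh can keep an existing local file; confirm there).
install -Dm 644 program/nikto.conf "$PKG/etc/nikto.conf.new"
install -Dm 644 documentation/nikto.1 "$PKG/usr/man/man1/nikto.1"
install -Dm 755 program/replay.pl "$PKG/usr/bin/replay.pl"

# Remove the upstream shipped libwhisker2; the patched scripts are meant to
# load the SBo-shipped LW2 module, so the bundled copy must not be packaged.
rm -f -- "$PKG/usr/lib${LIBDIRSUFFIX}/nikto/plugins/LW2.pm"

# Clean up duplicate config: the copy under /etc is the one that ships.
rm -f -- "$PKG/usr/lib${LIBDIRSUFFIX}/nikto/nikto.conf"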

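# Best-effort strip of any ELF executables or shared objects in the staging
# tree. Errors are discarded on purpose (stderr dropped, `|| true`) so that
# a tree with nothing to strip does not abort the build under `set -e`.
find "$PKG" -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
  | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true

# Compress the man pages, then replace each symlink with one that points at
# the compressed target. The links are read NUL-delimited so that a path
# containing whitespace or glob characters is handled as a single name
# instead of being split by the shell.
find "$PKG/usr/man" -type f -exec gzip -9 {} \;
while IFS= read -r -d '' link; do
  ln -s "$(readlink "$link").gz" "$link.gz"
  rm -- "$link"
done < <(find "$PKG/usr/man" -type l -print0)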

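# Ship the documentation under /usr/doc/$PRGNAM-$VERSION and drop the copy
# that came along with the program tree. The *.txt glob stays unquoted so it
# expands; every path built from PKG or CWD is quoted, and ${PKG:?} keeps the
# recursive delete from running against an empty prefix.
mkdir -p "$PKG/usr/doc/$PRGNAM-$VERSION"
cp -a program/docs/nikto_manual.html program/docs/*.txt README.md \
  "$PKG/usr/doc/$PRGNAM-$VERSION/"
rm -r -- "${PKG:?}/usr/lib${LIBDIRSUFFIX}/nikto/docs"
# Keep a copy of this build script with the docs so the installed package
# records how it was built.
cat "$CWD/$PRGNAM.SlackBuild" > "$PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild"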

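# Package metadata: the description and the post-install script are copied
# from the build directory into the package's install/ directory.
mkdir -p "$PKG/install"
cat "$CWD/slack-desc" > "$PKG/install/slack-desc"
cat "$CWD/doinst.sh" > "$PKG/install/doinst.sh"

# Build the package from the staging root. -l y moves symlinks into
# doinst.sh; -c n keeps the ownership and modes set above instead of letting
# makepkg reset them. Paths are quoted so whitespace in OUTPUT or PKG cannot
# split the arguments.
cd "$PKG"
/sbin/makepkg -l y -c n "$OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"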
